2019-11-27 - EMOTET EPOCH 3 INFECTED WINDOWS CLIENT AS SPAMBOT

ASSOCIATED FILES:

• 2019-11-27-Emotet-epoch-3-infected-Windows-client-as-spambot.pcap.zip   20 MB (19,994,798 bytes)

NOTES:

• This is traffic from the middle of an Emotet infection, where the infected Windows host was acting as a spambot.
• Zip archives are password-protected with the standard password.  If you don't know it, see the "about" page of this website.

 

IMAGES

Shown above:  Infection traffic filtered in Wireshark.

 

Shown above:  Filtering to see if any of the malspam was sent using unencrypted SMTP.

 

Shown above:  Exporting IMF (Internet Mail Format) items from the pcap.

 

Shown above:  Filtering on HTTP post-infection traffic for Emotet in this pcap.

 

Click here to return to the main page.